At a company I worked at recently, I ran across a Sharepoint site and wondered whether I could download data that I wasn’t supposed to see.
Now I understand the purpose of SharePoint and company intranets is to share data, but even then, some data should be restricted to a limited number of people.
So I decided to check (before doing things like this, you better know How to Stay Out of Jail).
If YOUR audit department doesn’t embrace data, analytics, and automation eventually, your audit department will NOT exist.
No data, no analytics. No analytics, no automation. Eventually, no audit department.
Editor Note: This post really applies to all departments in a company, but mainly I’m addressing auditors, but you might want to read between the business lines….
By embrace, I don’t mean have one or two auditors working on this. I mean the entire department.
Before you cite all the regulatory requirements mandating the existence of an audit department in companies, having an audit department in name only won’t cut it.
Having an inept audit department will not be acceptable to regulators, and it shouldn’t be acceptable to company management either. Or Audit Committees!
Companies need skilled and efficient auditors that can do the heavy lifting, and this need will only increase.
Some Chief Audit Executives (CAEs) and audit managers tend to think that audit automation is a set-it-and-forget-it process. NOT.
In this post, I want to expand on a problem I mentioned in an earlier post , 10 Signs Mgmt Doesn’t Really Support Analytics.
Audit management too often thinks that once a process or an audit is automated, ALL auditor/staff hours previously spent performing that process can be reassigned elsewhere.
That is not the case at all.
Passing the CISA exam does not make you a good IT auditor anymore than passing a driving test makes you a good driver.
Passing either exam says that you know the basics, but you still have a lot to learn.
Most likely, you still don’t know how and when to use what you know and apply it to the current situation. That’s why experience is necessary. Lots of it.
I’m going on a rant here, so reader beware. If you read on, make sure you hang in there until I make my main point in the end.
You just won’t feel the love right away…
Previously I wrote Will Robotics (RPA) Replace ACL?
The short answer is no, and I describe the reasons in that post.
But that doesn’t mean someone won’t try.
Shortly after I wrote my original robotics post, I encountered robotics vs. ACL, part 2.
Your management says it wants more analytics, but does it really support analytics? Here’s 10+ signs that indicate that your mgmt:
- Does NOT knows what it takes to get analytics off the ground
- Believes that analytics multiply like rabbits, naturally
- Is NOT willing to make the adjustments required to deliver and sustain real value.
Here’s a list of all my posts to-date related to becoming or growing as an IT Auditor, all in one place for easy reference.
I’ll add other posts as they are written.